Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks

In an unprecedented move, Russia’s Federal Security Service (FSB), the country’s principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations.

The surprise operation, which the FSB said was carried out at the request of the U.S. authorities, saw the agency raid 25 addresses in the cities of Moscow and St. Petersburg and in the Moscow, Leningrad and Lipetsk regions, belonging to 14 suspected members of the organized cybercrime syndicate.

“In order to implement the criminal plan, these persons developed malicious software, organized the theft of funds from the bank accounts of foreign citizens and their cashing, including through the purchase of expensive goods on the Internet,” the FSB said in a statement.

In addition, the FSB seized over 426 million rubles (part of it in cryptocurrency), $600,000 and €500,000, as well as computer equipment, crypto wallets used to commit the crimes, and 20 luxury cars purchased with illicitly obtained money.

One of the most active ransomware crews last year, REvil took responsibility for high-profile attacks against JBS and Kaseya, among a string of several others. The U.S. government told Reuters that one of the arrested individuals was also behind the ransomware attack on Colonial Pipeline in May 2021, once again confirming REvil’s connections to another group called DarkSide.

The group formally closed shop in October 2021 after the U.S. intervened to take its network of dark web servers offline. The next month, Romanian law enforcement authorities announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, even as the U.S. charged a 22-year-old Ukrainian citizen linked to the ransomware gang for orchestrating the Kaseya ransomware attack.

All those detained have been charged with “illegal circulation of means of payment,” a criminal offense punishable by up to six years in prison. The suspects weren’t named, but Reuters noted that a Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov.

The crackdown also comes as threat actors likely affiliated with…


US bans iPhone hacking firm NSO Group responsible for Pegasus attacks

© Provided by BGR

The NSO Group is an Israel-based security firm dealing in hacking tools that law enforcement agencies use to hack smartphones. The company came under fire earlier this year. Security researchers found that attackers used the Pegasus family of hacking programs to target individuals. The Pegasus hack allowed nation-states to spy on iPhones without user knowledge via sophisticated attacks that leave no trace. A New York Times journalist recently detailed his experience with the hack. He explained that he had no way of knowing who hacked him or what they had stolen. All he knew was that they got into his iPhone. The NSO Group denied the reports every step of the way.

NSO’s denials apparently weren’t enough to convince the US government, though. The US has now placed the Israeli company on the infamous entity list. As a result, the NSO Group can’t do any business with American companies, whether on the hardware or software side.

The US ban

The US announced on Wednesday that it added four companies to the entity list, including NSO Group. Israeli surveillance company Candiru is also on the list. Russia’s Positive Technologies and Singapore’s Computer Security Initiative Consultancy are the others; the latter two trafficked in hacking tools that threaten “the privacy and security of individuals and organizations worldwide.”

The commerce department said the new additions to the entity list are part of the Biden administration’s “efforts to put human rights at the center of US foreign policy, including by working to stem the proliferation of digital tools used for repression.” Here’s the part that concerns the NSO Group:

NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign…


China responsible for big Microsoft Exchange hack, US charges

The Biden administration on Monday blamed China for a hack of Microsoft Exchange email server software that compromised tens of thousands of computers around the world earlier this year.

The administration and allied nations also disclosed a broad range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated hackers that have targeted companies with demands for millions of dollars. China’s Ministry of State Security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official. That official briefed reporters about the investigation on the condition of anonymity.

Meanwhile, the Justice Department on Monday announced charges against four Chinese nationals who prosecutors said were working with the Ministry of State Security in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities.

The announcements highlighted the ongoing cyberthreat posed by Chinese government hackers even as the administration has been consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure, including a massive fuel pipeline. Even though the finger-pointing was not accompanied by any sanctions against Beijing, a senior administration official who disclosed the actions to reporters said that the U.S. has confronted senior Chinese officials and that the White House regards the multination public shaming as sending an important message.

That hackers affiliated with the Ministry of State Security carried out a ransomware attack was surprising and concerning to the U.S. government, the senior administration official said. But the attack, in which an unidentified American company received a high-dollar ransom demand, also gave U.S. officials new insight into what the official said was “the kind of aggressive behavior that we’re seeing coming out of China.”

The European Union and Britain also pointed the finger at China. The EU said malicious cyber activities with…


Russians responsible for SolarWinds hack are targeting COVID-19 research, cyber officials say

Federal cyber officials on Thursday blamed the Russian Foreign Intelligence Service (SVR) for the SolarWinds hack of computer network management software and the targeting of COVID-19 research.

Previously, the government had said Russia was likely responsible for the hack that compromised nine federal agencies, but Thursday’s joint statement from the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency provided more formal attribution of the hack that was publicly disclosed last year. The federal agencies pointed to SVR actors, also known as APT29 and Cozy Bear, as responsible for the hack.

“Recent Russian SVR activities include compromising SolarWinds® Orion® software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware® vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse,” said the agencies in the cybersecurity advisory. “SVR cyber actors also used authentication abuse tactics following SolarWinds-based breaches.”